Cyber Resilience

CVE-2026-32589

HighUpdated

Published: 08 April 2026

Published
08 April 2026
Modified
09 June 2026
KEV Added
Patch
CVSS Score v3.1 7.4 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L
EPSS Score 0.0007 21.6th percentile
Risk Priority 15 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2026-32589 is a high-severity Authorization Bypass Through User-Controlled Key (CWE-639) vulnerability in Redhat Mirror Registry For Red Hat Openshift. Its CVSS base score is 7.4 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Compromise Software Supply Chain (T1195.002); ranked at the 21.6th percentile by exploit likelihood (below the median); it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-4 (Information in Shared System Resources).

Deeper analysis

CVE-2026-32589 is a vulnerability in Red Hat Quay's container image upload process, classified under CWE-639 (Authorization Bypass Through User-Controlled Key). It enables interference with concurrent image uploads across the registry. The issue was published on 2026-04-08 and carries a CVSS v3.1 base score of 7.4 (AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L), indicating high severity due to its network accessibility, low complexity, and scope change.

An authenticated attacker with push access to any repository on the Red Hat Quay registry can exploit this flaw to target in-progress image uploads by other users, including those in repositories to which the attacker lacks access. Successful exploitation allows the attacker to read, modify, or cancel these uploads, potentially disrupting operations or compromising image integrity.

Mitigation details and patches are documented in the Red Hat security advisory at https://access.redhat.com/security/cve/CVE-2026-32589 and the associated Bugzilla entry at https://bugzilla.redhat.com/show_bug.cgi?id=2446963. Security practitioners should consult these resources for version-specific remediation guidance.

EU & UK References

Vulnerability details

A flaw was found in Red Hat Quay's container image upload process. An authenticated user with push access to any repository on the registry can interfere with image uploads in progress by other users, including those in repositories they do…

more

not have access to. This could allow the attacker to read, modify, or cancel another user's in-progress image upload.

CWE(s)

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1195.002 Compromise Software Supply Chain Initial Access
Adversaries may manipulate application software prior to receipt by a final consumer for the purpose of data or system compromise.
T1565.002 Transmitted Data Manipulation Impact
Adversaries may alter data en route to storage or other systems in order to manipulate external outcomes or hide activity, thus threatening the integrity of the data.
Why these techniques?

Authorization bypass enables direct tampering with in-progress container image uploads (transmitted data manipulation) and supply-chain compromise via registry image integrity attacks.

Confidence: MEDIUM · MITRE ATT&CK Enterprise v18.1

CVEs Like This One

CVE-2026-32590Same product: Redhat Mirror Registry For Red Hat Openshift
CVE-2026-28368Same vendor: Redhat
CVE-2026-3009Same vendor: Redhat
CVE-2026-1616Same vendor: Redhat
CVE-2026-9064Same vendor: Redhat
CVE-2026-3872Same vendor: Redhat
CVE-2026-3047Same vendor: Redhat
CVE-2026-7507Same vendor: Redhat
CVE-2026-4282Same vendor: Redhat
CVE-2026-28367Same vendor: Redhat

Affected Assets

redhat
mirror registry for red hat openshift
2.0, all versions
redhat
quay
3.0.0

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Enforces approved authorizations for access to system resources, directly preventing authenticated users from interfering with image uploads in unauthorized repositories.

prevent

Prevents unauthorized information transfer via shared system resources exploited during concurrent container image uploads across the registry.

prevent

Limits push privileges to least functionality required for specific repositories, reducing the attack surface for cross-repository upload interference.

References